Web RDP usage scenarios in Igiko Management Tools

February 20, 12:50 pm
Article, Web RDP, RMM

This article is focused on various use cases for Web RDP, one of the major features of Igiko Management Tools. It’s used to provide remote access to physical and virtual machines through a web browser.

Remote access is provided by the RDP Gateway, a module integrated into the app. Users working with Igiko Management Tools in their web browser connect to their remote machines via a special HTML5 RDP Client. The client initiates a secure connection to the gateway port and, after the access rights are verified, enables direct interaction between the user and the remote machine. At the same time, there is neither a direct browser connection to the remote machine nor a possibility to start a malware attack via RDP.

For details of how to work with the RDP when using Igiko, see the previous article. Now, we’ll describe the cases when our product is the best choice for enabling and managing remote access to physical server desktops, user PCs, or virtual machines (VMs).

SME

Igiko is the best option for a company of any size and in any area of business if they need to provide employees with access to their corporate network computers at a minimum cost, yet via secure channels. This may be required in the following cases:

  • If your company employees go on a business trip but need to access their desktop PCs, corporate network resources, information systems, or, for instance, certain demo materials or software deployed in your office.
  • If you need an employee, who is away on vacation, sick leave, or any temporary leave, to help with an urgent issue even if they only have a smartphone at hand. For example, send a file to a colleague from their desktop PC or personally make some important changes to a document or information system.
  • If you decide to arrange remote workspaces for your employees. This approach has lots of advantages, and a large number of research articles have already been written on the topic, such as Gartner research on Remote Working Trends https://www.gartner.com/en/documents/3839063. Companies are increasingly introducing practices that let their employees work from home both occasionally and on a permanent basis. Such employees are not restricted in their location: they can move anywhere at any time while still being ‘on the job’. Wherever they are, they will always be able to work from their office computers and access any corporate resources and software that is hard, very costly, or dangerous to install locally on their laptops or PCs.

The cases are not new and are already being dealt with to a certain extent. The question is how efficient, convenient for users, or safe for your business it is.

The most common practices and their disadvantages as compared to Igiko are described below:

Method: Using the native RDP

Configuration:

  • Open RDP ports on employee PCs.
  • Configure NAT port mapping from external IPs to employee PCs.
  • Let the employees know their PC IP addresses and ports.

Disadvantages as compared to Igiko:

  • Inconvenient in administration, this approach is only used by small companies.
  • Not safe: all ports are open, direct access to the RDP, no SSL used.
  • Client access from Windows PCs only, other platforms require an RDP client installed.
  • Unable to access a Hyper-V virtual machine with no IP (in an isolated network).
  • Unable to access a Hyper-V virtual machine with an OS other than Windows.

Method: Using Microsoft RDS

Configuration:

  • Install the Remote Desktop Services role on the server.
  • Configure the use of an SSL certificate issued by a trusted CA or generated by the corporate CA.
  • Configure the CAP.
  • Configure the RAP.
  • Configure NAT mapping for port 443 from an external IP to the RDS gateway.
  • Let the employees know the RDP gateway address and how to activate it in the settings.

Disadvantages as compared to Igiko:

  • Requires a server OS and a configured Active Directory domain.
  • Configuration must be performed by a competent administrator.
  • Client access from Windows PCs only, other platforms require an RDP client installed.
  • Unable to access a Hyper-V virtual machine with no IP (in an isolated network).
  • Unable to access a Hyper-V virtual machine with an OS other than Windows.

Method: Using remote assistance software

Configuration:

  • Install special software on each PC or VM (to be accessed remotely).
  • Install special software on a client machine (that remote access is required from).
  • Let every employee know the unique ID and password to access their computers remotely.

Disadvantages as compared to Igiko:

  • You need to install software on each machine that requires remote access.
  • You need to install software on each device that is used for remote access.
  • The cost is usually higher due to redundant remote assistance vs. remote access functionality.
  • In most cases, during an active user session, the screen of their desktop PC is visible to others, as physical peripheral devices (such as a mouse or keyboard) take priority over control by the remote user. That’s not safe.
  • Unable to access a Hyper-V virtual machine with no IP (in an isolated network).
  • Unable to access a Hyper-V virtual machine with an OS other than Windows.


As compared to legacy/ill-fitting techniques, the use of Igiko has the following advantages:

  • You only need to install it on a single machine in your corporate network.
  • No special knowledge is required to configure the app and carry out access management.
  • There’s no need to install the app on client devices that remote access is done from.
  • It can be used from any device with a modern web browser that supports HTML5.
  • RDP ports are hidden and protected against attacks.
  • Communications are TLS-encrypted.
  • It enables access to your corporate network PCs based on both Windows Domains and Workgroups.
  • Users can access Hyper-V virtual machines regardless of their OS type and with no IP required.

So if your company starts using Igiko, your employees just need a web browser to access their PCs remotely, regardless of the physical device they use (a smartphone, tablet, laptop, or desktop PC) or the OS it is running on (Windows, Linux, Android, iOS, or macOS), and even no matter whether they use their own device or a computer in an internet café, hotel lobby, or airport lounge. This can even be a friend’s smartphone. Igiko will be equally efficient and secure when working with documents or programs on a remote PC.

Colocation Facility

In case you have your own servers hosted by hosting providers, especially if you use them for hosting Hyper-V virtual machines, Igiko will help you enable access to your servers and VMs. Moreover, you’ll be able to configure access permissions to the resources for your employees.

This approach is actively used by web studios and small/medium IT companies. Their VMs are run on servers that are hosted by a hosting provider. The VMs, in their turn, host websites, web services, databases, and, possibly, special server software. Moreover, for security reasons, some software and services, including DBs, may be completely isolated from the external network at the level of the VM itself. In this case, a DB administrator or programmer must have direct access to it.

The problem is that you either sacrifice security in terms of employees’ access rights to your resources (as the user who needs access to an isolated VM must also have access to the virtualization server), or you have to grant direct access to such VMs by assigning a public IP and opening an RDP port, or configure NAT on the server and, once again, open the RDP port on the VM.

For Igiko, none of that poses a problem: with the web console, a connection can be established even to a fully isolated VM that has no IP and is based on any OS. The secret is in the integrated RDP Gateway that is capable of establishing native VM connections (that require no RDP connection with the VMs themselves), and, of course, in the HTML5 RDP client running on the web browser side.

In other words, all you need is to install Igiko on your server and grant users access rights to the servers and VMs. This only requires a single IP of the server itself. After that, there will be no need to assign its own dedicated public IP to each VM or server only to grant your employees or customers access to them.

Hosting Providers

Igiko may be of interest to VDS/VPS hosting providers that rent out dedicated virtual machines to customers.

For example, if we take a provider’s infrastructure based on Microsoft Hyper-V, in most cases it’s managed by the System Center Virtual Machine Manager + Windows Azure Pack or the advanced Microsoft Azure Stack. These solutions are expensive and complex to deploy and set up. Moreover, they aren’t very user-friendly due to redundant functionality that users mostly don’t need. One can say they’re more oriented towards experienced and tech-savvy users such as administrators, developers, and so on. All told, unlike Igiko, they provide no simple solution to the problem of remote access to VDS. You still need to have a public IP for a VM only to be able to use a regular RDP connection, which, as described above, is not a secure access method. Not to mention that, for security reasons, a specific VM may not have a public IP or internet access at all. In this case, a customer will need to set up special gateways on their own.

Many providers strive to improve user experience in terms of VM access and bypass this restriction themselves with varying degrees of success. Some of them use a clumsy solution providing access to the System Center console within a closed network. Others deploy and integrate solutions like Apache Guacamole. Igiko is an off-the-shelf solution that you can adapt to your needs by integrating it with your customer self-service portal through the OData and REST API, with PowerShell support coming soon. Just integrate a number of calls into your system to add a user and assign resources to them. Users immediately get access to their VMs via a web browser. They can see the VM performance indicators and perform basic operations.

If you’re a small hosting company or provide VDS as a complementary service, for example, a web studio or software vendor hosting VDS on your own servers for your customers, then it’s evident that you’ll build your infrastructure without using the System Center, let alone Azure Stack, since these solutions are very expensive. A common alternative is to use a server or cluster based on the free Microsoft Hyper-V Server. In this case, Igiko Management Tools is an out-of-the-box solution. Just create a user for your customer, assign them VMs in Igiko, and let them know their credentials.

IT Administration

Igiko makes it much easier to provide remote access to machines under corporate network administration. Once the app is installed and all machines that need to be accessed on a periodic basis are added to it, an administrator can connect to the required machines at any time with a couple of clicks. They don’t need to remember the machines’ addresses, usernames, and passwords, as all these are already stored in the app. A connection is established immediately and, moreover, one can concurrently work with multiple machines, without breaking a session, by simply switching between them via the web app’s tabs. For the current session, one can always enter fullscreen mode.

Apart from providing remote access to server desktops, VMs, or user workstations, Igiko allows you to monitor the load on the machines and their performance. All data is displayed on the main dashboard and, if a problem occurs, the administrator can respond promptly to an abnormal situation. The solution also provides such basic features as apps management, On/Off, restart, install/uninstall, and so on, either performed immediately or scheduled for later execution. We’ll discuss this in more detail in one of our future articles.

Igiko Management Tools is convenient to use for access, control, and management both within your corporate network and in case of remote administration. For example, an administrator who has a number of companies to support receives an administration request from network users. All they need to do is to open Igiko in the browser using the address displayed for this company and carry out the necessary actions. They can immediately see all the available machines and their current status.

Software Development and QA

Software development and QA teams often need test beds for debugging and testing an app being developed, especially if it’s a desktop app or a complex distributed solution. The larger the team, the more machines they need. Previously, this problem was solved by purchasing and allocating physical machines: either additional PCs and laptops or common physical servers shared by all employees. However, this approach is non-optimal, expensive, and inflexible, although it’s still justified in some cases. QA engineers need test beds with various OS and preinstalled basic components and should be able to promptly switch between them and roll them back to the initial default state.

Virtualization systems are ideal for this use case. The most common ones are VirtualBox and VMware, which are mostly used on local user PCs, and more advanced hypervisors based on hardware virtualization, such as Hyper-V and ESX. VirtualBox and VMware are much less efficient in terms of performance and require purchasing powerful computers for QA engineers and software developers so that they can work with multiple concurrently running VMs. Their advantage is that each QA engineer fully controls their own VMs and has no access to those of others. The disadvantages include the following: it’s not economically feasible to have a fleet of powerful workstations, it’s not convenient for the company’s system administrators to administer VMs, and there are problems providing access to other employees, QA engineers, or software developers, for example, to directly debug detected bugs.

The modern approach is to deploy virtualization servers or even a cluster of virtualization servers based on Hyper-V (there’s a free OS version), create ready-to-use VM templates for various OS, and provide QA engineers and software developers with individual VMs. Using the snapshot technology, they can roll back an “unhealthy” or “full” machine to its initial state at any time in a couple of seconds.

You should keep in mind that the Hyper-V Manager basic functionality doesn’t provide for VM user access management. Moreover, it requires that a management console be installed on QA engineers’ machines, which is not always possible. You also need to disclose administrator-level usernames and passwords, which is not acceptable. As an option, you can build the entire infrastructure on Microsoft System Center Virtual Machine Manager, but it’s highly complicated and very expensive.

Igiko Management Tools provides a minimum-cost solution to this problem. The app runs in a web browser and requires no installation. It can even work on Unix and macOS and carries out access management on its own. Usernames and passwords for managing the host itself are hidden from users. They can easily connect to a VM even if it has no network adapter, see its current status, major load indicators, current issues, if any, and manage the VM status.

The same is true when, instead of your own virtualization servers for testing purposes, you use a third-party cloud infrastructure based on Azure, Amazon Web Services, and the like. You don’t need to provide users with access to a cloud account or redundant functionality. All you need is to deploy Igiko on a VM with a public IP and configure user access rights to private network VMs that may even have no public IP.


Training Centers

Another Web RDP use case involves organization and conduct of training courses. For example, there are dozens of VMs with preinstalled and preconfigured apps that are required for training. You send users their usernames and passwords to log in to Igiko where they can see their respective VMs, which, for security reasons, have no internet access. With a web browser, the users can easily log in to their VMs and use them in fullscreen mode to perform certain tasks for training.

After the session is over, you can turn off the VMs and roll them back to their initial “clean” state. For the training provider, there’s no risk of malicious user actions, as the user can neither access the internet from these VMs, nor copy any files to/from them, even if they use the clipboard. The VMs remain fully isolated.

Summary

Igiko Management Tools is a feature-rich solution that enables remote access to server desktops, client machines, and virtual machines with a wide range of use cases. It’s incredibly simple to install, set up, and use in any conditions and from any device. All you need is a web browser. Thanks to its integrated functionality for managing access to various objects and granting user permissions to perform certain operations, it can be used in complex multi-user scenarios. In most cases, the app’s monitoring and control modules go beyond a significant part of the features a business requires.

 
